
Accessing locked mobile phones has never been easier - which is a good thing, says O2...
Published: 5 July 2006 11:55 GMT
O2 is offering users a quick and easy way to unlock mobile phones with a personal unblocking code (PUK) which they can get online simply by typing their mobile number into the O2 website.
The website then generates the PUK code and, while that takes the headache out of dealing with call centres for users desperate to access their mobile after it becomes locked, it has raised some concerns about security as users only have to know the phone number - and it doesn't have to be their own phone.
Security expert Bruce Schneier, posting on his blog raised concerns that the system could pose a threat. "Now anyone on the internet can visit this website, type in a valid mobile telephone number, and get a valid PUK to reset the PIN - without any authentication whatsoever," he said.
The easiest breach to achieve would be when somebody steals a mobile phone from a person whose number they already know - in an environment such as a school or more worryingly an office where converged devices such as an XDA may hold a lot of sensitive corporate data.
Less simple would be when the thief doesn't know the mobile number. However, if they have snatched a coat, handbag or wallet as well, the contents may include an item such as a business card that can betray the mobile phone number.
But a spokesman for O2 told silicon.com this represents a very small security risk, far outweighed by the ease of use which will benefit customers.
The O2 spokesman said: "The vast majority of mobile phones which are stolen are already on, providing a window of opportunity to make calls between the phone being stolen and reported stolen.
"You're only ever asked for a PIN code when the phone is already switched off."
He added that the system is there to help users whose phones are accidentally locked, or in some cases are locked by a friend changing a PIN number as a joke. He said the benefits of such a straightforward system far outweigh "a very small security risk".
This is ridiculous. Are O2 trying to make life eas...
Anonymous
Great - O2 blackberrys with access to company emai...
Stuart Fawcett
I know thieves are not that clever, but surely eve...
Anonymous
"Less simple would be when the thief doesn't know ...
Mick J
Excellent customer service skills are needed to work for my client who are known for providing technically outstanding customer support on all mobile ...
Technical systems and platform design experience gained within the consumer electronics arena - mobile phones, netbooks, Laptops, Sat Nav, PNDs or ...
They will take ownership for the Threat Management Programme and will drive the actions raised, such as; ensuring security requirements are defined, ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Natasha Lomas Exclusive: Jimmy Wales on what's next for Wikipedia Why Wikipedia needs geeks and why a life unplugged is unthinkable
Peter Cochrane Peter Cochrane's Blog: United breaks guitars? Customer service has changed forever